Seven participants of the Central Bank of Ireland’s Innovation Sandbox Programme on ‘Combatting Financial Crime’ are:


1) AMLYZE is building an AML/CFT information-sharing framework that will use structured taxonomies and synthetic data to simplify detecting and preventing fraudulent activities.
​
2) Expleo Group has developed an anti-SMS fraud solution which installs on mobile phones to combat SMS fraud.

3) Forward Emphasis and Pasabi’s joint innovation will develop and test a Motor Insurance Application Fraud Analytics solution, leveraging AI-driven behavioural analytics, machine learning, and pattern recognition to detect fraud in the pre-sales process.

4) Roseman Labs enables secure, GDPR-compliant collaboration and analysis on sensitive data for regulated industries.

5) Sedicii (hello Rob Leslie) and PTSB Sedicii has partnered with PTSB to create a secure and private collaboration using zero knowledge proofs to verify names and addresses, in real-time, as part of their customer KYC process, using ESB Networks as the authority for address data in Ireland in full compliance with GDPR and which involves no sharing of personal data.

6) TrustElevate.com offers a privacy-preserving solution for verifying parental responsibility and child age.

7) Vidos.Id is developing digital identity verification solutions to help financial institutions verify digital identity documents and wallet-based credentials.

There are many familiar names here and a couple we hadn't encountered at www.moneylaundering.ie and www.fintechireland.com. Since this all very serious hashtag#regtech, we better dust off the www.regtechireland.com website!

All the best to the cohort.

First posted here

Combatting Financial Crime Theme

The theme of the Innovation Sandbox Programme is:
“Combatting Financial Crime – Through the use of innovative technology, foster and develop innovative solutions that minimise fraud, enhance KYC/AML/CFT frameworks, and improve day-to-day transaction security for consumers.”

The programme will encourage collaboration across the ecosystem to support the fight against financial crime. Programme outputs will include inter alia the documentation and sharing of learnings in fraud prevention and detection. The programme also aims to facilitate the development of new ventures and new business models that solve challenges identified in this sandbox theme and facilitate the faster and safer deployment of substantially new technologies, products, or services.

The Sandbox Programme framework comprises:

• A structured programme of workshops
  Each month participants will engage in workshops on specific topics relevant to the theme of Combatting Financial Crime. The topics will be relevant to participants and tailored to their needs and requirements as much as possible.
  
  
• Ongoing bespoke engagement with dedicated Sandbox Relationship Managers
  Each participant will engage regularly with their dedicated Sandbox Relationship Manager, who will act as their point of contact to oversee and coordinate participation throughout the programme. The Sandbox Relationship Manager will also liaise with a broad range of Central Bank teams – from across the pillars of Consumer and Investor Protection, Financial Regulation, and Monetary and Financial Stability – to provide regulatory advice and support as required.
  
  
• Access to Data Platform
  Each participant can avail of access to a Data Platform offering data sets and tools relevant to the theme of Combatting Financial Crime. This will allow participants to test and develop their innovation.

The methodology and delivery of this programme will be subject to continual assessment and impact review.

Read more here

Linkedin Post:  

Three weeks ago our Peter Oakes posted the news that Mary-Elizabeth McMunn (formerly Director of Banking, Payments and Credit Unions) at the Central Bank of Ireland was appointed, effective 1 January 2025, as Deputy Governor Financial Regulation at the Central Bank.  This followed news that now former Deputy Governor, Sharon Donnery, had accepted appointment by the European Central Bank to be its representative of the Supervisory Board.

Over the past few weeks various bits and pieces of news about other moves within the Central Bank executive team has dripped into the media.  As at the start of January 2025 we now have official confirmation of those movements.  These are:

• Colm Kincaid becomes Director of Enforcement. Colm was previously Director of Consumer Protection.
• Seána Cunningham becomes Director of Insurance. Seána was previously Director of Enforcement & AML Supervision*
• Gerry Cross, becomes Director of Capital Markets & Funds. Gerry was previously Director of Financial Regulation, Policy & Risk.
• Domhnall Cullinan becomes Director of Banking & Payments. Domhnall was previously Director of Insurance.
• Patricia Dunne becomes Director of Horizontal Supervision*. Patricia was previously Director of Securities & Markets Supervision.
• Adrian Varley becomes Director of Supervisory Risk, Analytics & Data*.  Adrian was previously Director of Prudential Analysis & Inspections.

​
* See below for details of changes to Directorates

In addition to the points raised above arising from the changes to the operating structure at the Central Bank of Ireland, it is worth noting/amplifying that:

• Consumer Protection and AML Supervision have not disappeared.  They have been embedded into relevant sectoral teams across the Central Bank of Ireland's functions.
• while the name 'Credit Unions' is no longer shows in the name of the Banking & Payments Directorate, there is no change to its activities or prominence with the new operating model.
• there is no identification about where the new Fitness and Probity Unit will sit within the Central Bank.  This new unit was announced on 19 December 2024 
• Governance & Operational Resilience Resilience moves to the Horizontal Supervision Directorate from the former Prudential Analysis & Inspections Directorate
• Supervisory Risk & Horizontal moves to the Horizontal Supervision Directorate from the former Financial Regulation - Policy & Risk Directorate.
• 'Enforcement Investigations' is renamed 'Regulatory Investigations' and 'Enforcement Activity' is now replaced by Enforcement Market Abuse & Oversight.
• dropping of word 'Supervision' from the names of the Banking & Payments and Insurance Directorates.

Sources / Further reading:

1. Great to read the news that Mary-Elizabeth McMunn currently Director of Banking, Payments and Credit Unions at the Central Bank of Ireland has been appointed, effective 1 January 2025, as Deputy Governor Financial Regulation at the Central Bank (11 December 2024) - https://www.linkedin.com/posts/peteroakes_deputy-governor-financial-regulation-appointment-activity-7272670698152636417-LyRg?utm_source=share&utm_medium=member_desktop
2. Deputy Governor Financial Regulation Appointment (11 December 2024) - https://www.centralbank.ie/news/article/deputy-governor-financial-regulation-appointment-press-release
3. Transforming Regulation and Supervision - https://www.centralbank.ie/regulation/transforming-regulation-and-supervision
4. Central Bank establishes dedicated Fitness and Probity Unit (19 December 2024) - https://complireg.com/blogs--insights/central-bank-of-ireland-establishes-dedicated-fitness-and-probity-unit
5. Central Bank decision to disband consumer protection unit fuels fears customers will be weakened (7 September 2024) - https://www.independent.ie/business/personal-finance/central-bank-decision-to-disband-consumer-protection-unit-fuels-fears-customers-will-be-weakened/a964031703.html 
6. Central Bank of Ireland: Firms will hear ‘one consistent voice’ following model change (18 November 2024) - https://www.businesspost.ie/news/central-bank-of-ireland-firms-will-hear-one-consistent-voice-following-model-change/

Repeat of News Release:

The Central Bank of Ireland has today (Thursday 19 December 2024) announced the establishment of a dedicated Fitness and Probity Unit.

The fitness and probity regime is a critical element of financial regulation; protecting the public interest by ensuring that people who work in key positions in a financial firm are competent and capable, honest, ethical and of integrity and financially sound.  Since 2020 the Central Bank of Ireland has approved appointments to more than 11,000 roles under the regime.

Speaking today, Governor of the Central Bank of Ireland Gabriel Makhlouf said: “The Enria report, published in July 2024, identified several key areas for improvement in our operation of the fitness and probity regime.  We accepted the findings of the report and have used them as a basis for implementing reforms to enhance the regime’s overall effectiveness. We also committed to implementing the reforms as early as possible and before end 2024.

“Today’s announcement of the establishment of our new dedicated Fitness and Probity Unit within the Bank is a key element of this programme of reform. 

“However, we recognise that this is only a first step towards delivering a fitness and probity gatekeeping process aligned with the spirit and approach of the report.  As such, work will continue in implementing and delivering a regime which supports supervisory judgement, while delivering robust, fair and transparent processes.

“The new unit will be staffed from within our existing complement by experienced regulators from across the Bank."

“Our strategic plan committed to transforming our approach to regulation and supervision – this process is ongoing and our new operating structure, including the dedicated fitness and probity team, will be in place from the start of the new year.”

​Source: https://www.centralbank.ie/news/article/central-bank-establishes-dedicated-fitness-and-probity-unit 

​Firms looking to get authorised in Ireland as a CASP or registered in near future as a VASP should note the following extracts from a speech today by Gerry Cross, Director for Financial Regulation, Policy and Risk at Blockchain Ireland's excellent event this week (see link at end of article) 

•  authorisation is a two way process. A successful process depends crucially on the preparation and approach of the applicant.

 

• key aspects of a successful application, include:

 

1. TRANSPARENCY: (a) firms should act in a fully transparent and open manner with respect to their proposed application; (b) if an applicant is applying in multiple EU jurisdictions for a MiCAR activity the CBI says the firm must disclose this in its application;
2. PREPARATION: (a) firms should prepare well and be appropriately resourced to engage with the CBI 'in a comprehensive and timely manner throughout the assessment process'; (b) preparation also means that firms understand the local regulatory environment.
3. SUPERVISIBILITY: authorised firms should operate with strong local autonomy and be accountable for all aspects of the local entity. Where we identify obstacles to firm’s meeting this expectation, they will not be authorised.
4. CONSUMER FOCUS: firms should ensure that securing customer interests is at the core of their business. This is particularly the case for retail facing business models. [and remember, a 'consumer' are not just people; it covers certain legal persons too].

Source: Technological innovation and financial regulation – a maturing relationship - Remarks by Gerry Cross, Director for Financial Regulation, Policy and Risk, Wednesday 29th May 2024

​Linkedin Post:  https://www.linkedin.com/posts/peteroakes_micar-virtualasset-activity-7201513163152834560-N6m7

Interested in the Central Bank of Ireland's internal and often called 'opaque' fitness and probity assessment process? In which case take the time to read this decision (link below) by the Irish Financial Services Appeals Tribunal - an independent body - to which appeals lay from Central Bank decisions.
 
The Appeal involved a finding by the Central Bank that: "in its “opinion”, the Appellant was “unfit” to hold the two positions in question.". The Appellant, identified as AB, was applying for (as it was then) PCF2 (NED) and PCF3 (Chairman). While the identity of the Appellant is not made known, we know the person is male and he held "similar roles to those which he was applying for in Redhedge and other regulated entities in the same sector."

The crux of the order appears at para 325 on page 79 of the decision (here):

"We are unable to conclude that the decision reached was the correct and preferable decision. There were fundamental procedural flaws which were to be found at all three stages of the process. The Tribunal is satisfied that taken cumulatively – or even individually – the various procedures adopted by the Central Bank did not comply with the requirements of Constitutional and natural justice; including the necessity for fair notice; the duty to give reasons; and the observance of the principle of audi alterem partem." [[Latin for "hear the other side"]

The impugned decision was one which had serious legal consequences, where fundamental legal and constitutional principles had to be applied in the course of performing the statutory functions 

​The Central Bank called the Appellant to what is known as an “assessment interview” and then a “specific interview”. These made adverse findings. There followed a “minded to refuse” letter to the ultimate decision-maker. She largely confirmed these adverse findings and held the Respondent [i.e. the Central Bank] entitled to refuse the applications.
 
 
There is a lot here for the Central Bank to consider and take stock of. And hopefully it does.

​Summary of certain facts

In summary (all the below are direct quotes from decision**):

• the Tribunal finds that the Central Bank’s decision-making process was flawed.
• the Appellant was denied fair procedures at each stage of the process.
• the Appellant was not given full or fair notice of the issues which were intended to be explored.
• the identities of a number of bank officials who were involved in the decision-making process are redacted, although the Tribunal may not adopt this approach in future.
• the impugned decision was flawed as it was based on a flawed preliminary process, because it did not observe the principle of audi alterem partem [Latin for "hear the other side"], and because it did not give reasons, so as to comply with what was required in law. 
• [the Central Bank's decision maker] was reliant on the information which emerged from a previously flawed interview process. The procedural flaws identified in the first two stages of the process fed into the impugned decision.
• the flaws from the Assessment interview fed into and were reflected in this [specific] interview. While there was the appearance of fair procedure, there was an absence of its substance. 
• this Tribunal must find that the decision was, in law, “incorrect” and remit the matter to the Central Bank for reconsideration.
• at the assessment interview, there was an absence of fair notice sufficient to conclude that this part of the process fell below the standard of constitutional fairness. 
• it cannot be said the Central Bank’s submissions were fully correct on the powers of the Tribunal and the Central Bank’s obligations
• the impugned decision was one which had serious legal consequences, where fundamental legal and constitutional principles had to be applied in the course of performing the statutory functions. 

Costs:

• the Appellant should be entitled to his costs; such costs including each of the days of the hearing, for the submissions, pleadings and correspondence subsequent to the impugned decision and any legal costs of the proceedings which gave rise to this Appeal. However the Appellant for reasons noted above is awarded 50% of the costs of the directions hearing.
• the Appellant will be awarded one half of the costs of the directions hearings. 

 
** to ensure that you are aware of the context from which the above quotes are extracted, do read the decision for yourself.
 
A copy of the decision is located here

Linkedin Post here. Do check out the Linkedin page as it contains lots of additional information.

The Central Bank of Ireland issued a statement on its website saying:

• IFSAT found a number of issues in how the Central Bank handled this application [that is putting it very lightly]. 
  
• Accordingly, the Tribunal has returned the application to the Central Bank for reassessment.
  
• We will immediately conduct a reassessment of the application, in accordance with the Tribunal’s directions.
  
• The Central Bank has therefore decided to commission an independent review of the F&P approval process

Friday 20th January 2023: Central Bank of Ireland (CBI) issued a Dear CEO letter to the fintech industries of electronic money institutions and payments institutions.  The purpose is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around its approach to, and judgements around, regulation and supervision.

If you are looking to get authorised as an electronic money or payments institution in Ireland, contact us.  We are working with a number of such applicants and we advise those already authorised on their on-going regulatory obligations, business models and strategy.  See our Authorisation Page with links to useful Authorisation Guides. 

Busy start to the year with enquiries from UK, Asia and the US continuing to roll in about the benefits, opportunities and challenges of establishing a EEA regulated presence in Ireland, particularly for #emoney and #payments. While Ireland is in the top three of the final round, there remains stiff competition (so to speak) from two other leading jurisdictions.
​
Thus it was good to see, , as I am sure others will agree, the Central Bank of Ireland most recent Dear CEO letter issued to emoney and payments institutions on Friday 20 January 2023 by Mary-Elizabeth McMunn, Director of Credit Institutions Supervision. It will help provide greater clarity not only to currently authorised emoney and payments firms, but also those in the authorisation pipeline and those thinking of filing in Ireland.

It is a meaty document at 5,168 words across eleven (11) pages. Download a copy of the letter and additional relevant reading material here - https://complireg.com/blogs--insights/2023-dear-ceo-letter-re-supervisory-findings-and-expectations-for-payment-and-electronic-money-e-money-firms
​
If you wish to get a quick understanding of the letter in terms of your regulatory obligations search the words 'we expect'. You will see those appear eleven (11) times too!

Right now, best to mark in your calendar and work backwards, that an audit opinion on safeguarding, along with a Board response on the outcome of the audit, is to be submitted to the CBI by 31 July 2023. And it is not just a case of ringing your current external auditors and appointing them.  

• Emoney and payments firms will need to demonstrate that they exercised due skill, care and diligence in selecting and appointing auditors for this purpose; including satisfying themselves that the proposed auditor has, or has access to, appropriate specialist skill in auditing compliance with the safeguarding requirements under the PSR/EMR taking into account the nature, scale and complexity of the firm's business.  Let the beauty parades begin.  And so it should be the case!
• The auditor is to provide an opinion confirming:
  "whether the firm has maintained adequate organisational arrangements to enable it to meet the safeguarding provisions of the PSR/EMR on an ongoing basis, with the specific areas, at a minimum, that should be subject to review and assurance by the auditor outlined in Appendix 2 of the Dear CEO Letter.

The purpose of the letter is to reaffirm the CBI's supervisory expectations built on its supervisory experiences, both firm specific and sector wide, and enhance transparency around our approach to, and judgements around, regulation and supervision.


The breakdown of the letter is as follows:

(1)      Supervisory Approach for the Payment and E-Money Sector (provides wider and specific context to our supervisory approach).

(2)      Supervisory Findings (key findings from supervisory engagements over the last 12 months and actions the CBI expects firms to undertake)
➡ Safeguarding;
➡ Governance, Risk Management, Conduct and Culture;
➡ Business Model, Strategy and Financial Resilience;
➡ Operational Resilience and Outsourcing; 
➡ Anti-Money Laundering and Countering the Financing of Terrorism;

• ♻ Risk-Based Approach,
• ♻ Distribution Channels, 
• ♻ Electronic Money Derogation and Simplified Due Diligence

(3) Conclusion and Actions Required (CBI's expectation that this letter is provided to and discussed with your Board, and any areas requiring improvement that directly relate to your firm are actioned).

Next Steps:

Get in contact with Peter Oakes / CompliReg. Founded by the CBI's inaugural Director of Enforcement and AML/CFT Supervision & board director of payments, emoney and MiFID companies. Peter is also a former: FSA (now FCA) enforcement lawyer; senior officer (legal) at ASIC; and adviser to the deputy director of banking at SAMA.


Further Reading:

10 December 2021: Authorisation Guidance and Supervisory Expectations for Payment and Electronic Money Firms (Central Bank of Ireland)
09 December 2021: Central Bank of Ireland Dear CEO Letter on Supervisory Expectations for Payment and Electronic Money (E-Money) Firms

Today (Monday 11 July 2022) the Central Bank of Ireland issued a press release highlighting weaknesses in Virtual Asset Service Providers’ (VASP) AML/CFT Frameworks.

As of today, according to the Central Bank's website, the total number of VASPs registered in Ireland is ZERO.  See image below.

Question: If there are no firms appearing on the register, does that mean that there are no VASPs operating lawfully in Ireland?  

Answer: No.  VASPs established in Ireland and carrying on business as a VASP immediately prior to the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021  coming into force, who applied to the Central Bank for registration before 23 July 2021 are permitted to continue to offer VASP services pending the outcome of their application ('transitional period'). 

While we have heard stories of firms operating as VASPs in Ireland in circumstances where they do not fall under the transitional period, such firms should be subject - if they came to the attention of the Central Bank -  to criminal and/or regulatory investigation.

​Accompanying today's press release is a bulletin in relation to Virtual Asset Service Providers (VASPs), seeking to assist applicant firms to strengthen both their applications for registration and their Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Frameworks.

The Central Bank says while it seeks to anticipate and support innovation in the financial services industry, firms operating in novel areas must ensure their businesses will not be used to launder the proceeds of crime or to finance terrorism.  The Central Bank issued the bulletin to VASPs to assist them in strengthening their applications and frameworks.

Background: Since 23 April 2021, VASPs are required to comply with the relevant AML/CFT obligations under the Criminal Justice Act 2010 to 2021. Any firm wishing to conduct business as a VASP must apply to the Central Bank for registration. The Central Bank says it is currently progressing the assessment of registration applications, and has provided feedback to 90% of applicants on their proposed AML/CFT frameworks.

Findings: The Central Bank identified, in the vast majority of applications:

• a lack of understanding and compliance with key AML/CFT obligations; and
• significant control weaknesses.

See below for further details on the Central Bank's 'findings' observations.
​
The Central Bank reported that the lack of compliance, coupled with control weaknesses, resulted in a significant number of the applicant firms not being able to demonstrate that they could meet their AML/CFT obligations.

Actions: The Central Bank has reconfirmed that it will only register a firm when it is satisfied that the firm can meet its AML/CFT obligations on an ongoing basis. It has said that all current and potential VASP applicants should:

• take actions to rectify weaknesses;
• review the bulletin; and
• be aware that if they fail to register they may face significant criminal and/or administrative sanctions.

The Central Bank also too the opportunity to remind that:

• VASPs are supervised by it for AML/CFT purposes only, and that consumers do not enjoy the Central Bank’s consumer protection mandate in their dealings with VASPs.
• as with all other supervised financial institutions, registered VASPs will be subject to a supervisory levy which will be driven by the level of resources applied to their supervision.

Incomplete Applications: A number of registration applications did not contain the required information and documentation and consequently such applications did not progress to the assessment phase.

• some firms had submitted policies but no accompanying procedures.
• a number of firms submitted a copy of the firm's internal risk register in place of a documented risk assessment.
• majority of firms that did not progress to the assessment phase had not availed of the pre-application meeting and/or had not given consideration to the guidance documents issued by the Central Bank.

Assessment Phase: In undertaking its assessment of registration applications, the Central Bank noted recurring fundamental issues preventing approving of registration applications as the applicants could not meet their AML/CFT legislative obligations or the Central Bank’s expectations. The Central Bank communicated its concerns and expectations to the applicants for further consideration.

The Central Bank helpfully provided a couple of pages in its bulletin (pages 4 - 6) giving an overview of recurring issues identified during the assessment of VASP registration applications.  These are repeated below.

Money Laundering and Terrorist Financing (ML/TF) Risk Assessment: An effective AML/CFT control framework is built on an appropriate ML/TF risk assessment that focuses on the specific ML/TF risks arising from the firm’s business model. This risk assessment should drive the firm’s AML/CFT control framework such that it ensures there are robust controls in place to mitigate and manage the specific risks identified through the risk assessment. The Central Bank identified a significant number of issues with the ML/TF risk assessments conducted by VASP applicant firms, including: 

• A number of firms had not assessed or documented the ML/TF risks as they pertain to the firm’s customers and business activities. The Central Bank expects a Risk Assessment to be specific to the firm and the specific risks that pertain to that firm’s activities and customers. 
• Several VASP applicant firms did not document the inherent ML/TF risks that pertain to the firm or document how, after assessing the effectiveness/strength of the firm’s control environment, the firm had determined the residual risk rating for each of the risk factors as set out in the CJA 2010 to 2021.
• A number of firms did not consider relevant information in the National Risk Assessment, CJA 2010 to 2021 and/or guidance on risk issued by the Central Bank, when documenting the firm’s risk assessment. This included consideration of inherent risk factors, such as Nature, Scale, Complexity, Geographical Risk, Products and Services risk, etc.

Policies and Procedures: When developing AML/CFT policies, controls and procedures (“AML/CFT P&Ps”), firms should maintain a detailed documented suite of AML/CFT P&Ps, which are:

• supplemented by guidance
• accurately reflect operational practices; and
• fully demonstrate consideration of and compliance with all legal and regulatory requirements. 

The Central Bank identified a number of recurring issues with the AML/CFT P&Ps submitted by applicant firms including; 

• Several firms submitted AML/CFT P&Ps that did not meet the Irish legislative and regulatory requirements, in many instance referring to legislative frameworks in other jurisdictions where parent/group entities are situated. Where firms rely on group policies and procedures, these must be sufficiently detailed, applicable to the Irish entity that is applying for VASP registration and meet the Irish legislative and regulatory requirements.
• The Central Bank received several registration applications that included the firm’s policies but failed to include the firm’s procedures that document how the firm meet their legislative obligations. As detailed in the application guidance, applicant firms are required to submit AML/CFT P&P relating to Customer Due Diligence (“CDD”), Transaction Monitoring, Suspicious Transaction Reporting, Financial Sanctions, Record Keeping, Training and Assurance Testing

Customer Due Diligence (“CDD”): 
CDD involves more than just verifying the identity of a customer. Firms should collect and assess all relevant information in order to ensure that the firm:

• Knows its customers, persons purporting to act on behalf of customers and their beneficial owners, where applicable;
• Knows if its customer is a Politically Exposed Person (“PEP”)
• Understands the purpose of the account and therefore understands the expected activity; and;
• Is alert to any potential ML/TF risks arising from the relationship.

The Central Bank identified a number of recurring issues with the CDD AML/CFT P&Ps submitted by applicant firms including;

• A number of applicant firms failed to demonstrate compliance with the legislative obligation to obtain information reasonably warranted by the ML/TF risk on the purpose and intended nature of the business relationship with a customer prior to the establishment of the relationship.
• The Central Bank received several registration applications where the firm failed to demonstrate how screening is conducted for PEPs for both new and existing customers. A number of firms also failed to document how PEP customers are managed including documenting requirement for Senior Management approval, the application of Enhanced Due Diligence (“EDD”) measures to PEPs and enhanced on-going monitoring measures.
• Several firms failed to document policies and procedures relating to the refresh of CDD documentation.

Financial Sanctions Screening: The Central Bank’s expectation is that firms have an effective screening system in place, appropriate to the nature, size and risk of their business. In addition to this, firms should have clear escalation procedures in place to be followed in the event of a positive match.

• Several firms failed to document the frequency of Financial Sanctions screening, how the firm screens (including what, if any, software is used) and also the steps the firm would take in the case of a Financial Sanctions hit.

Outsourcing: A firm can outsource certain AML/CFT Functions, but are reminded that the firm remains ultimately responsible for compliance with its obligations under CJA 2010 to 2021. It is expected that, where firms outsource AML/CFT functions, a documented agreement is in place that clearly defines the obligations of the outsource service provider. Firms should also evidence that sufficient oversight is conducted on the outsourced activity.

A number of VASP applicant firms outsource certain AML/CFT functions to group-related parties and/or non-group related parties.

• Several firms did not include their policies around outsourcing or submit their service level agreements
• In addition to this, several firms have failed to demonstrate sufficient oversight of the outsourced activities or failed to evidence that appropriate regular assurance testing of the outsourced activities takes place.

Individual Questionnaires for proposed Pre-Approval Controlled Function role holders:
A number of firms have failed to or delayed in submitting Individual Questionnaires (IQs) for each of their proposed Pre-Approval Controlled Function (PCF) role holders. IQs should be submitted for each individual proposed to hold a PCF role as soon as practical.

The Central Bank’s expectation on a firm’s presence in Ireland.
In line with the principle of territoriality enshrined in the EU AML Directives and Section 25 of the CJA 2010 to 2021, the Central Bank expects a physical presence located in Ireland and for there to be at least one employee in a senior management role located physically in Ireland, to act as the contact person for engagement with the Central Bank. In addition, in accordance with Section 106 H of the CJA 2010 to 20212 , the Central Bank may refuse an application where the applicant is so structured, or the business of the applicant is so organised, that the applicant is not capable of being regulated to the satisfaction of the Central Bank. 

Further Reading: ​Press Release - Central Bank highlights weaknesses in Virtual Asset Service Providers’ AML/CFT Frameworks 11 July 2022 

Just shy of €100mn, a total amount of fines of €96.7mn, were imposed by the Central Bank of Ireland against AIB and EBS for regulatory breaches affecting tracker mortgage customers.

In the case of:

• AIB  - reprimanded and fined €83,300,000 pursuant to the Central Bank's Administrative Sanctions Procedure (“ASP”) for a series of significant and long-running failings in the treatment of its tracker mortgage customers holding 10,015 mortgage accounts between August 2004 and March 2022. AIB has admitted to 57 separate regulatory breaches.
• EBS - reprimanded and fined €13,400,000, pursuant to its ASP for a series of significant and long-running failings in the treatment of its tracker mortgage customers, holding 2,830 mortgage accounts, between August 2004 and June 2020. EBS has admitted to 36 separate regulatory breaches.

Both fines are net of of a settlement discount procedure scheme, otherwise AIB's fine would have stood at €119,000,000 and EBS's fine at €19,143,000.

The Central Bank’s Director of Enforcement and Anti-Money Laundering, Seána Cunningham said:

• AIB - “The Central Bank has imposed a significant fine on AIB in respect of serious and long running failings in meeting its obligations to its tracker mortgage customers. The consequences of AIB’s prolonged failings were serious and included significant financial strain and distress for those affected and their families. 
• EBS - “The Central Bank has imposed a significant fine on EBS in respect of serious and long running failings in meeting its obligations to its tracker mortgage customers. Mortgage lending is the core of EBS’s business, yet this investigation identified serious deficiencies in EBS’s mortgage services and systems. These deficiencies meant that EBS did not comply with its obligations to customers and many customers lost their tracker product/interest rate margin as a result, and were overcharged for sustained periods of time

CBI Enforcement Publicity Statements:

• AIB
• EBS
• Press Release

Not often, in fact exceptionally rare, that there is news of insider dealing cases being brought in Ireland. But that is a topic for another day.
​
For today (1 May 2022), a Panel of Assessors has, according to reports in both the Sunday Business Post and The Sunday Times [see links #1 & #2 below] concluded that Philip Lynch had indeed traded on insider information, but that there were mitigating factors in the case.

The independent and expert panel concluded that Mr Lynch should receive a public caution, a penalty of €75,000; a disqualification for five years from being involved in any financial services provider; and that he should pay the Central Bank’s legal costs of €37,500. It is reported that Mr Lynch — who has been chief executive of two publicly listed companies in Ireland, One51 and IAWS — has accepted this outcome as punishment for contravening market abuse regulations while he was a director of C&C, which makes Bulmers cider.

The case relates to a ten plus year investigation / inquiry into Mr Lynch buying 200,000 shares in C&C in 2008, when it was searching for a new chief executive. John Dunsmore, who was previously the chief executive of Scottish & Newcastle, became CEO in November 2008.  The news sent shares in the company up over 26 per cent to €1.45. [see link #3 below] 

Last week, the Central Bank lodged High Court proceedings against the businessman as part of the enforcement process of its findings.  The Central Bank issued its finding on December 22 last year and told Mr Lynch it would apply to the High Court to confirm the sanctions.  The case is  listed for hearing on the advance warning list under Ms Justice Mary Irvine on 23 May 2022 according to court records.

Before the Panel of Assessor, the Central Bank had argued that Lynch ought to face a penalty of between €250,000 and €500,000, a public reprimand, and a period of disqualification for five years, because it argued the infringement was within the moderately serious range. The Central Bank's enforcement division argued that it was “beyond a reasonable doubt” that Mr Lynch was in possession of “inside information” when he bought shares in C&C on October 21, 2008. He was aware Dunsmore’s appointment would provide a “wow” factor in relation to the company’s share price.

Lynch’s lawyers argued the sanctions were disproportionate, saying while he was aware of negotiations with Dunsmore, he was not certain of his appointment when buying the shares. His lawyers argued that there was no possibility of him making a short-term gain due to a one-year embargo on directors selling shares.

Back in 2013 C&C was fined € 90,000 by the Central Bank for failing to keep up-to-date records on its “insider” list, the second time the financial regulator has taken action against a non-financial services firm. Between January 2nd, 2008 and January 29th, 2009, the Dublin- and London-listed firm was found to be in breach of the insider list requirements of the Market Abuse Directive. It failed to “regularly and promptly” update its insider list with the identity of people working for C&C who had access to inside information. It also failed to state on the list the date of each and every occasion on which it was updated. [see link #4].

If you are interested in reading about insider dealing case history in Ireland, although it is seven years old, see link #5, 'Lose lips and share flips'. 

Links below to source material:

1. https://www.businesspost.ie/legal/central-bank-finds-philip-lynch-engaged-in-insider-trading-at-cc-ba308779
2. https://www.thetimes.co.uk/article/ex-c-amp-c-director-hit-by-landmark-insider-deal-fine-5npwnz7qc
3. https://www.irishtimes.com/business/markets/market-news/c-c-fined-90-000-by-financial-regulator-1.1254196
4. https://www.irishtimes.com/news/c-c-shares-rise-as-dunsmore-appointed-ceo-1.831402​ 
5.  https://www.independent.ie/business/loose-lips-and-share-flips-31118325.htmll